Several security related problems have been discovered in the Linuxkernel which may lead to a denial of service or even the execution ofarbitrary code. The Common Vulnerabilities and Exposures projectidentifies the following problems:

CVE-2004-2660

Toshihiro Iwamoto discovered a memory leak in the handling of direct I/O writes that allows local users to cause a denial of service.

CVE-2005-4798

A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service.

CVE-2006-1052

Stephen Smalley discovered a bug in the SELinux ptrace handling that allows local users with ptrace permissions to change the tracer SID to the SID of another process.

CVE-2006-1343

Pavel Kankovsky discovered an information leak in the getsockopt system call which can be exploited by a local program to leak potentially sensitive memory to userspace.

CVE-2006-1528

Douglas Gilbert reported a bug in the sg driver that allows local users to cause a denial of service by performing direct I/O transfers from the sg driver to memory mapped I/O space.

CVE-2006-1855

Mattia Belletti noticed that certain debugging code left in the process management code could be exploited by a local attacker to cause a denial of service.

Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service.

CVE-2006-2446

A race condition in the socket buffer handling allows remote attackers to cause a denial of service.

CVE-2006-2935

Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD or USB storage device to execute arbitrary code.

CVE-2006-2936

A bug in the serial USB driver has been discovered that could be exploited by a custom made USB serial adapter to consume arbitrary amounts of memory.

CVE-2006-3468

James McKenzie discovered a denial of service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet.

CVE-2006-3745

Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges.

CVE-2006-4093

Olof Johansson discovered that the kernel did not disable the HID0 bit on PowerPC 970 processors which could be exploited by a local attacker to cause a denial of service.

CVE-2006-4145

A bug in the Universal Disk Format (UDF) filesystem driver could be exploited by a local user to cause a denial of service.

CVE-2006-4535

David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system using via an SCTP socket with a certain SO_LINGER value.

The following matrix explains which kernel version for whicharchitecture fixes the problem mentioned above: